From 29e659b1c0bb2b8d0018d02d09e04c2af9616d71 Mon Sep 17 00:00:00 2001 From: Hilko Bengen Date: Mon, 13 Dec 2021 00:47:01 +0100 Subject: [PATCH] Correctly handle symlinks --- log4j-vuln-finder.go | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/log4j-vuln-finder.go b/log4j-vuln-finder.go index 085ba0b..1111d0c 100644 --- a/log4j-vuln-finder.go +++ b/log4j-vuln-finder.go @@ -55,7 +55,7 @@ var vulnVersions = map[string]string{ func handleJar(path string, ra io.ReaderAt, sz int64) { zr, err := zip.NewReader(ra, sz) if err != nil { - fmt.Printf("cant't open JAR file: %s: %v\n", path, err) + fmt.Printf("cant't open JAR file: %s (size %d): %v\n", path, sz, err) return } for _, file := range zr.File { @@ -108,7 +108,16 @@ func main() { return nil } defer f.Close() - handleJar(path, f, info.Size()) + sz, err := f.Seek(0, os.SEEK_END) + if err != nil { + fmt.Printf("can't seek in %s: %v", path, err) + return nil + } + if _, err := f.Seek(0, os.SEEK_END); err != nil { + fmt.Printf("can't seek in %s: %v", path, err) + return nil + } + handleJar(path, f, sz) default: return nil }